[ptls] PyPI maintainer cleanup - Action needed: Contact extra maintainers

Rajat Dhasmana rdhasman at redhat.com
Mon Apr 3 14:44:22 UTC 2023


Hi Jay,

We have some maintainers who have not been active in the Cinder project for
quite some time.
I'm sure they will agree to the idea we have, but it's not easy to reach
them for the changes to be made (tried to reach out but received no response).
I wanted to know if this problem is being faced by other projects also.
Do we have a solution for such scenarios?

Thanks
Rajat Dhasmana

On Wed, Mar 22, 2023 at 9:55 PM Jay Faulkner <jay at gr-oss.io> wrote:

> Hey all,
>
> Wanted to remind you all: vPTG is a great time to address this issue! Even
> if the PyPI maintainers you would need to contact are emeritus
> contributors, you may have someone still on the project team who has
> contact with them. I strongly recommend you utilize this time to help clean
> your projects up.
>
> Thanks,
> Jay Faulkner
> TC Vice-Chair
>
> On Tue, Mar 21, 2023 at 9:03 AM Jay Faulkner <jay at gr-oss.io> wrote:
>
>> Thanks to those who have already taken action! Fifty extra maintainers
>> have already been removed, with around three hundred to go.
>>
>> Please reach out to me if you're having trouble finding current email
>> addresses for anyone, or having trouble with the process at all.
>>
>> Thanks,
>> Jay Faulkner
>> TC Vice-Chair
>>
>>
>> On Thu, Mar 16, 2023 at 3:22 PM Jay Faulkner <jay at gr-oss.io> wrote:
>>
>>> Hi PTLs,
>>>
>>> The TC recently voted[1] to require humans be removed from PyPI access
>>> for OpenStack-managed projects. This helps ensure all releases are created
>>> via releases team tooling and makes it less likely for a user account
>>> compromise to impact OpenStack packages.
>>>
>>> Many projects have already updated
>>> https://etherpad.opendev.org/p/openstack-pypi-maintainers-cleanup#L33
>>> with a list of packages that contain extra maintainers. We'd like to
>>> request that PTLs, or their designate, reach out to any extra maintainers
>>> listed for projects you are responsible for and request they remove their
>>> access in accordance with policy. An example email, and detailed steps to
>>> follow have been provided at
>>> https://etherpad.opendev.org/p/openstack-pypi-maintainers-cleanup-email-template
>>> .
>>>
>>> Thank you for your cooperation as we work to improve our security
>>> posture and harden against supply chain attacks.
>>>
>>> Thank you,
>>> Jay Faulkner
>>> TC Vice-Chair
>>>
>>> 1:
>>> https://opendev.org/openstack/governance/commit/979e339f899ef62d2a6871a99c99537744c5808d
>>>
>>>
>>>